
Merge branch 'trac2962'

Mukund Sivaraman il y a 12 ans
Parent
commit
09f557d871
3 fichiers modifiés avec 20 ajouts et 13 suppressions
  1. 10 3
      src/bin/cmdctl/Makefile.am
  2. 4 3
      src/bin/cmdctl/cmdctl.py.in
  3. 6 7
      src/bin/cmdctl/tests/cmdctl_test.py

+ 10 - 3
src/bin/cmdctl/Makefile.am

@@ -57,12 +57,19 @@ b10_certgen_CXXFLAGS = $(BOTAN_INCLUDES)
 b10_certgen_LDFLAGS = $(BOTAN_LIBS)
 
 # Generate the initial certificates immediately
-cmdctl-certfile.pem: b10-certgen
-	./b10-certgen -q -w
-
 cmdctl-keyfile.pem: b10-certgen
 	./b10-certgen -q -w
 
+# This is a hack, as b10-certgen creates both cmdctl-keyfile.pem and
+# cmdctl-certfile.pem, and in a parallel make, making these targets
+# simultaneously may result in corrupted files. With GNU make, there is
+# a non-portable way of working around this with pattern rules, but we
+# adopt this hack instead. The downside is that cmdctl-certfile.pem will
+# not be re-generated if cmdctl-keyfile.pem exists and is older. See
+# Trac ticket #2962.
+cmdctl-certfile.pem: cmdctl-keyfile.pem
+	touch $(builddir)/cmdctl-keyfile.pem
+
 if INSTALL_CONFIGURATIONS
 
 # Below we intentionally use ${INSTALL} -m 640 instead of $(INSTALL_DATA)
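Review bot: The new `cmdctl-certfile.pem` rule touches its prerequisite (`cmdctl-keyfile.pem`) rather than producing or checking its own target, so when the certificate is missing but the key exists the recipe succeeds and the certificate is still absent. Touching the key also leaves it newer than the certificate, so the rule looks out of date on every later make run. A missing or stale certificate next to an existing private key would then only surface when cmdctl tries to load the pair for TLS. I would make the recipe fail loudly instead, e.g. `test -s $(builddir)/cmdctl-certfile.pem`, and extend the comment to say how regeneration is meant to be forced (presumably by removing both .pem files).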

+ 4 - 3
src/bin/cmdctl/cmdctl.py.in

@@ -601,12 +601,13 @@ class SecureHTTPServer(socketserver_mixin.NoPollMixIn,
             # error)
             return ssl_sock
         except ssl.SSLError as err:
+            self.close_request(sock)
             logger.error(CMDCTL_SSL_SETUP_FAILURE_USER_DENIED, err)
+            raise
         except (CmdctlException, IOError) as cce:
+            self.close_request(sock)
             logger.error(CMDCTL_SSL_SETUP_FAILURE_READING_CERT, cce)
-        self.close_request(sock)
-        # raise socket error to finish the request
-        raise socket.error
+            raise
 
     def get_request(self):
         '''Get client request socket and wrap it in SSL context. '''
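Review bot: `CmdctlException` and `IOError` now leave `_wrap_socket_in_ssl_context` as-is instead of being converted to `socket.error`, and the caller `get_request` (its body is outside this hunk) has to cope with that. The standard socketserver accept path only swallows socket/OS errors raised from `get_request`, so if `CmdctlException` does not derive from one of those and is not caught there, an unreadable key or certificate file at connection time would end the serve loop rather than drop one connection; this is worth confirming. I would also record the new contract where it is raised, e.g. `# Re-raised for get_request(); it must treat this as a failed connection, not a fatal server error` above each bare `raise`. The function starts above the hunk, so its docstring is not visible here.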

+ 6 - 7
src/bin/cmdctl/tests/cmdctl_test.py

@@ -15,7 +15,7 @@
 
 
 import unittest
-import socket
+import ssl, socket
 import tempfile
 import time
 import stat
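Review bot: `import ssl, socket` puts two modules in one statement while the neighbouring imports (`unittest`, `tempfile`, `time`, `stat`) are one per line. Splitting it into `import socket` and `import ssl` keeps the block consistent and keeps later import diffs to one line each.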
@@ -729,16 +729,15 @@ class TestSecureHTTPServer(unittest.TestCase):
     def test_wrap_sock_in_ssl_context(self):
         sock = socket.socket()
 
-        # Bad files should result in a socket.error raised by our own
-        # code in the basic file checks
-        self.assertRaises(socket.error,
+        # Bad files should result in a CmdctlException in the basic file
+        # checks
+        self.assertRaises(CmdctlException,
                           self.server._wrap_socket_in_ssl_context,
                           sock,
                           'no_such_file', 'no_such_file')
 
-        # Using a non-certificate file would cause an SSLError, which
-        # is caught by our code which then raises a basic socket.error
-        self.assertRaises(socket.error,
+        # Using a non-certificate file would cause an SSLError
+        self.assertRaises(ssl.SSLError,
                           self.server._wrap_socket_in_ssl_context,
                           sock,
                           BUILD_FILE_PATH + 'cmdctl.py',
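Review bot: Neither assertion checks that the failed socket was actually closed, which is the cleanup this commit moves into each `except` branch via `close_request(sock)`. The same `sock` object is also reused for the second case after the first failure path has presumably already closed it, so the second call runs against an already-closed socket. A fresh `socket.socket()` per case plus `self.assertEqual(-1, sock.fileno())` after each `assertRaises` would pin the no-leak behaviour, assuming `close_request` closes the socket as the stock TCPServer implementation does. The second `assertRaises` call continues past the end of this hunk.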